How to Bulk Edit User 'Authentication Methods'

RTB 0 Reputation points
2023-07-28T18:24:58.0733333+00:00

Hello,

Is there a way to bulk remove all phone numbers tied to all accounts within Azure AD for the 'Authentication Methods' field?

We are using Intune and PingID, so we do not require a Microsoft authenticator app or phone/text verification; however, it appears that IF someone's account has a number in the phone field, it will prompt them to enable 2FA and/or use phone/text verification.

I would like to strip the numbers off all accounts in bulk vs manually going into each account to remove the number and save the edits.


1 answer

  1. Peter Kayode 506 Reputation points
    2023-07-28T23:34:59.29+00:00

    Hi RTB,

    You can remove the phone numbers associated with Azure AD user accounts by using PowerShell and the AzureAD or the newer AzureADPreview module.

    Here's a sample script to illustrate this. The script first retrieves all user accounts and then removes the phone numbers from the Authentication Contact Info.

    # Install the AzureAD or AzureADPreview module if you haven't already
    # Install-Module AzureAD

    # Import the module
    Import-Module AzureAD

    # Connect to your Azure AD tenant (interactive sign-in)
    Connect-AzureAD

    # Get all users
    $users = Get-AzureADUser -All $true

    # Clear both phone attributes on every user.
    # Set-AzureADUser names the mobile-number parameter -Mobile (it has no -MobilePhone parameter).
    foreach ($user in $users) {
        Set-AzureADUser -ObjectId $user.ObjectId -Mobile $null -TelephoneNumber $null
    }

    This script sets the MobilePhone and TelephoneNumber attributes to null, effectively removing them. However, please be aware that this script could have implications depending on your organization's use of these fields. It might be a good idea to do a test run with a small subset of users to ensure it works as expected.

    You should replace the placeholders (<>) with your actual values. And as always, be sure to thoroughly test any script in a non-production environment before running it on your production environment.

    This script assumes you have the necessary permissions to modify Azure AD user attributes. If not, you'll need to ask your Azure AD administrator to either perform these operations or grant you the necessary permissions.
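
The answer's advice to try the change on a small subset first can be scripted as below. This is an added example, not part of the original answer: it backs up the current values, supports `-WhatIf`, and re-reads each account to confirm the numbers were actually cleared. The function name `Clear-UserPhone`, the backup path, the sample users and the `<pilot-group-object-id>` placeholder are assumptions.

```powershell
# Added example, not from the original answer. Assumes the AzureAD module is
# installed and Connect-AzureAD has been run before any live (non -WhatIf) use.
function Clear-UserPhone {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # User objects exposing ObjectId, UserPrincipalName, Mobile, TelephoneNumber
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Backup file for the values being removed (hypothetical path)
        [string] $BackupPath = '.\phone-backup.csv'
    )
    process {
        # Skip accounts that have nothing to clear
        if (-not $User.Mobile -and -not $User.TelephoneNumber) { return }

        # Record the current values first so the change can be reverted;
        # -WhatIf:$false keeps the backup written even during a dry run
        $User | Select-Object ObjectId, UserPrincipalName, Mobile, TelephoneNumber |
            Export-Csv -Path $BackupPath -Append -NoTypeInformation -WhatIf:$false

        if ($PSCmdlet.ShouldProcess($User.UserPrincipalName, 'Clear Mobile and TelephoneNumber')) {
            Set-AzureADUser -ObjectId $User.ObjectId -Mobile $null -TelephoneNumber $null

            # Re-read the account and warn if the directory still holds a number
            $after = Get-AzureADUser -ObjectId $User.ObjectId
            if ($after.Mobile -or $after.TelephoneNumber) {
                Write-Warning "$($User.UserPrincipalName): phone values still present"
            }
        }
    }
}

# Dry run on constructed sample objects: writes the backup, changes nothing
$sample = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'
        UserPrincipalName = 'pilot1@example.com'; Mobile = '+1 555 0100'; TelephoneNumber = $null }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'
        UserPrincipalName = 'pilot2@example.com'; Mobile = $null; TelephoneNumber = $null }
)
$sample | Clear-UserPhone -WhatIf

# Live pilot (after Connect-AzureAD), limited to the members of one group:
# Get-AzureADGroupMember -ObjectId '<pilot-group-object-id>' -All $true | Clear-UserPhone
```

The backup CSV holds users' phone numbers, so store it with the same access restrictions as the directory data it came from.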

